Who’s Tracking Whom?
There’s a chance some of your health data could be shared more widely than you thought.
Personal technology has become an indispensable tool for the fitness minded and health conscious. You are now able to know more about your physical self than has ever been possible outside of a clinical setting, and you can use that insight to stay motivated, meet your fitness goals or just stay healthier.
Have you thought about what else is happening to that personal information? Who sees it, and what are they able to do with it? These are questions worth pondering, particularly right now as the laws around online privacy and the protection of health information seem to be changing every day.
Where your data goes
The data your smartphone or tracker gathers about you—plus the data you type in, like your food log—usually winds up combined into a single “view,” a kind of personal health dossier. That makes sense because it’s hard to get a complete picture if you have to open five or six different apps to find all the relevant information.
To create that master view, the app or service provider pulls all the data you generate into its servers via the Internet. That means your personal dossier is out there in the cloud somewhere. You’re not really in control of how it’s stored or who else might see it.
As a culture, we’ve grown more comfortable with sharing a lot of our personal information online this way. Every time you post something on social media or buy something on a website, you’re giving out some personal information as part of the process. Your post or purchase is linked to your identity, the date and time, and maybe even where you were at the time and how you paid for what you bought.
That information pays for a “free” service when it gets sold to companies who want to advertise to you, and Americans seem to be OK with the bargain. A study by the Pew Research Center found that about half of all Americans are fine with letting merchants track their shopping habits, for instance, in exchange for a discount or something else of value like frequent flier miles.
A lot of the time, we don’t even think about all this until we get an offer or ad based on something we did online. Sometimes that’s useful—maybe when you get offered a healthy discount on some new workout gear. It also can keep your screen from being cluttered by ads that aren’t relevant for you. (Occasionally, there’s an amusing failure: Ever since my wife used one of my online shopping accounts to buy some new bras, I’ve been bombarded with “targeted” ads for lingerie.)
Who sees your data
This kind of unconscious information sharing has the potential to be a lot more serious, though, when it concerns your health data.
You might be willing to share a weight loss goal with your friends via a fitness app, but you may not want to post it on your public Facebook page. You may willingly share every bit of data you collect with your doctor—after all, it could help save your life. You probably don’t feel that way about sharing it with anyone else though.
The Pew study found that more than half of the Americans surveyed would be OK with their doctor keeping a health dossier in a secure electronic medical records system, but people have pretty strong reactions against that information winding up in anyone else’s hands, which is very possible.
Laws and regulations like HIPAA control the sharing of personally identifiable health information, but those regulations apply mostly to those who provide health care: hospitals, doctors, and any technology company that works directly with them. Most fitness apps, however, aren’t covered by HIPAA because software companies in general aren’t considered to be in the health care business. So unless the app is part of a medical device that’s regulated by the FDA, what protects your information from being shared is the maker’s privacy policy.
Informed choices
It turns out that a lot of apps related to health and wellness have weak or nonexistent privacy policies. A study in the Journal of the American Medical Association last year examined privacy policies for apps used by people with diabetes to track blood sugar levels and insulin use. The study found that 81 percent of those apps had no privacy policy, and a quarter of the apps shared information with third parties.
Now imagine if that information was suddenly available to your boss, your prospective landlord, your bank? How might that affect your chances at a job, an apartment or a loan? That’s what worries privacy advocates and consumer groups, and they’re alarmed that what protections do exist are being eroded.
As of this writing, H.R. 1313, the Preserving Employee Wellness Programs Act, had been introduced in Congress by North Carolina Representative Virginia Foxx. The bill would provide employers with access to genetic information about you that they have been barred from seeing for the past several years under the Genetic Information Nondiscrimination Act.
The potential access to your genetic information even goes for consumer genetic testing, available from companies like 23andMe, Ancestry.com and Helix. For the price of a high-end tracker, these tests can map your genes and potentially reveal if you might be at risk for certain diseases.
In addition, Congress has passed legislation removing prohibitions on your ISP selling data about your Web usage to third parties. That’s disturbing when you consider that medical profiling—which pulls together personal information about you, your finances and your health conditions from a wide range of sources—is big business.
Is it time to throw your tracker in the trash and delete those apps? Not necessarily. There’s a lot of personal benefit to this technology for your health, and over time, we could see new kinds of protections for this information. (The E.U. is close to finalizing rules for mobile health apps.) What’s important is that people understand and consider the risks and make informed decisions about what they want to track and the apps they choose to use.
Photo credit: kantver Adobe Stock 121128203